WordPress.org

Make WordPress Core

Opened 14 months ago

Closed 14 months ago

Last modified 14 months ago

#45011 closed defect (bug) (duplicate)

Add source to $allowedposttags

Reported by: 1000camels Owned by:
Milestone: Priority: normal
Severity: normal Version: 5.1
Component: Media Keywords:
Focuses: Cc:
PR Number:

Description (last modified by SergeyBiryukov)

The source element, which is needed for audio, video and picture elements, is not included in the array of $allowedposttags in kses.php

It can be included on line 299, as:

		'source' => array(
			'sizes' => true,
			'src' => true,
			'srcset' => true,
			'type' => true,
			'media' => true
		),

This is important because media's audio shortcode applies the src to the source element. The source element is optional, but in this case it is not. If it is excluded, the player will render but not play.

I am not sure how wide-spread this case is, but I encountered it where do_shortcode was being applied to the the_excerpt filter before kses was applied. So an audio shortcode was being clobbered in a case that does not normally happen. Nevertheless, it would seem that the source element is valid and should be included.

Attachments (1)

kses.php (51.8 KB) - added by 1000camels 14 months ago.
This is a proposed patched version of kses.php

Download all attachments as: .zip

Change History (3)

@1000camels
14 months ago

This is a proposed patched version of kses.php

#1 @peterwilsoncc
14 months ago

  • Keywords needs-patch removed
  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Hi @1000camels and welcome to trac.

Thanks for the ticket, ticket #29807 is already tracking adding picture and source to kses so I am going to close this as a duplicate.

There's a patch on the ticket already but some further work is needed to validate the srcset attribute. You're welcome to join the existing discussion.

For future reference, when suggesting changes it's best to upload a diff file rather than a full copy of the file to be modified. You can read the handbook for instructions on how to generate one via git or svn.

#2 @SergeyBiryukov
14 months ago

  • Description modified (diff)
Note: See TracTickets for help on using tickets.